
Trying to be a bit more compatible with the future Authen::SASL::XS

It has to be noted that getsecret is a deprecated callback in SASL v2
(apparently).
1 parent 620f0ea commit 8696efe1fd8e0bddf8d2a6e01d0e6cbd43fe7de9 @yannk yannk committed with gbarr Jan 16, 2009
@@ -418,7 +418,9 @@ sub server_step {
}
my $realm = $cparams{'realm'};
- my $password = $self->_call('pass', $username, $realm, $authzid);
+ my $password = $self->_call('getsecret', $username, $realm, $authzid );
+ return $self->set_error("Cannot get the passord for $username")
+ unless defined $password;
## configure the security layer
$self->_server_layer($cparams{qop} || "auth")
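Review bot: The new failure path `return $self->set_error("Cannot get the passord for $username")` reports a missing secret differently from a wrong response, and it embeds the client-supplied `$username` in the error text. If that string reaches the peer or a log unfiltered (not visible in this hunk), it lets a caller tell known from unknown usernames; the PLAIN mechanism in this same commit uses the generic `"Credentials don't match"` for both cases, and using the same string here would also remove the "passord" typo. A server that still registers only the old `pass` callback will presumably get undef from `_call('getsecret', ...)` and land on this branch for every login, so the rename deserves a changelog entry or a fallback to `pass`. The body of server_step starts and ends outside the hunk.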
@@ -434,6 +436,9 @@ sub server_step {
rspauth => $rspauth,
);
+ # I'm not entirely sure of what I am doing
+ $self->{answer}{$_} = $cparams{$_} for qw/username authzid realm serv/;
+
$self->set_success;
return _response(\%response);
}
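Review bot: The comment `# I'm not entirely sure of what I am doing` on the `$self->{answer}{...}` assignment documents nothing, yet this is the line that hands the client's identity to the application. I would replace it with something like `# expose the client-supplied identity to the application; authzid is only asserted by the client and must still be authorized`. Also, `serv` is not one of the RFC 2831 digest-response directives (the service travels in `digest-uri`), so if `%cparams` is the parsed client response, `$cparams{serv}` is likely always undef here. That is worth confirming against the parsing code, which is outside the hunk.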
@@ -725,47 +730,47 @@ algorithm, as described in RFC 2831.
The callbacks used are:
+=head3 client
+
=over 4
=item authname
-The authorization id to use after successful authentication (client)
+The authorization id to use after successful authentication
=item user
-The username to be used in the response (client)
+The username to be used in the response
=item pass
The password to be used to compute the response.
-If this callback is a coderef, then in server_step, the following
-arguments are passed:
+=item serv
-=over 4
+The service name when authenticating to a replicated service
-=item username, the username the client wants to authenticate against
+=item realm
-=item realm, the realm specified in client's response
+The authentication realm when overriding the server-provided default.
+If not given the server-provided value is used.
-=item authzid, The "authorization ID" as per RFC 2222, encoded in UTF-8
+The callback will be passed the list of realms that the server provided
+in the initial response.
=back
-=item serv
+=head3 server
-The service name when authenticating to a replicated service (client only)
+=over4
=item realm
-For the server: the default realm to provide to the client
+The default realm to provide to the client
-For the client:
-The authentication realm when overriding the server-provided default.
-If not given the server-provided value is used.
+=item getsecret(username, realm, authzid)
-The callback will be passed the list of realms that the server provided
-in the initial response.
+returns the password associated with C<username> and C<realm>
=back
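Review bot: `=over4` in the new `=head3 server` section is not a POD command; it needs the space, `=over 4`, otherwise the formatter sees an unknown directive and the following `=item`/`=back` lines are unbalanced (podchecker will report it). The same typo is in the PLAIN POD hunk, under `=head3 Server`. The `getsecret` entry should also say what to return for an unknown user: the new code in server_step treats an undefined return as failure, so `returns the password associated with C<username> and C<realm>, or undef if there is none` would match it. The signature lists `authzid` but the description never mentions it.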
@@ -48,7 +48,11 @@ sub server_start {
my %parts;
@parts{@tokens} = split "\0", $challenge, scalar @tokens;
- my $expected_pass = $self->_call('pass', $parts{user}, $parts{authname});
+
+ # I'm not entirely sure of what I am doing
+ $self->{answer}{$_} = $parts{$_} for qw/authname user/;
+
+ my $expected_pass = $self->_call('getsecret', @parts{qw/user authname/});
return $self->set_error("Credentials don't match")
unless defined $expected_pass;
return $self->set_error("Credentials don't match")
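Review bot: `$self->{answer}{$_} = $parts{$_} for qw/authname user/;` runs before the secret is looked up and compared, so `answer` is filled with client-supplied names even when the function returns `set_error("Credentials don't match")`. In the DIGEST-MD5 hunk the equivalent assignment sits directly before `set_success`; I would move this one to the same place so an application reading `answer` never sees an identity that failed authentication. The placeholder comment `# I'm not entirely sure of what I am doing` should then state that guarantee, e.g. `# record the authenticated identity for the application`. server_start continues past the end of the hunk, so the success path is not visible here.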
@@ -87,6 +91,8 @@ as described in RFC 2595 resp. IETF Draft draft-ietf-sasl-plain-XX.txt
The callbacks used are:
+=head3 Client
+
=over 4
=item authname
@@ -100,7 +106,21 @@ The username to be used for authentication (client)
=item pass
The user's password to be used for authentication.
-For the server,
+
+=back
+
+=head3 Server
+
+=over4
+
+=item getsecret(username, realm)
+
+returns the password associated with C<username> and C<realm>
+
+=item checkpass(username, password, realm)
+
+returns true and false depending on the validity of the credentials passed
+in arguments.
=back
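Review bot: The documented signature `getsecret(username, realm)` does not match the call added in server_start, `$self->_call('getsecret', @parts{qw/user authname/})`, which passes the username and the authname (authorization id); PLAIN has no realm. I would document it as `=item getsecret(username, authzid)` and describe the second argument accordingly. `checkpass` is documented here as well, but none of the hunks in this commit calls a `checkpass` callback, so unless it is handled in code outside this diff the entry describes something the server does not do.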
@@ -23,7 +23,7 @@ my $sconf = {
sasl => {
mechanism => 'DIGEST-MD5',
callback => {
- pass => 'maelys',
+ getsecret => 'maelys',
},
},
host => 'localhost',
@@ -51,7 +51,7 @@ negotiate($cconf, $sconf, sub {
## arguments passed to server pass callback
{
local $cconf->{sasl}{callback}{authname} = "some authzid";
- local $sconf->{sasl}{callback}{pass} = sub {
+ local $sconf->{sasl}{callback}{getsecret} = sub {
my $server = shift;
my ($username, $realm, $authzid) = @_;
is $username, "yann", "username";
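Review bot: The comment `## arguments passed to server pass callback` above this block is now stale, since the callback under test is `getsecret`; `## arguments passed to server getsecret callback` would match. More important, no test hunk in this commit exercises the new `unless defined $password` branch in server_step. A case where `getsecret` returns undef and the negotiation is asserted to end with an error set would pin the fail-closed behaviour. The sub body continues past the end of the hunk.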
@@ -25,7 +25,7 @@ my $sconf = {
sasl => {
mechanism => 'PLAIN',
callback => {
- pass => 'maelys',
+ getsecret => 'maelys',
},
},
host => 'localhost',
@@ -44,7 +44,7 @@ negotiate($cconf, $sconf, sub {
## invalid password
{
# hey callback could just be a subref that returns a localvar
- local $sconf->{sasl}{callback}{pass} = "x";
+ local $sconf->{sasl}{callback}{getsecret} = "x";
negotiate($cconf, $sconf, sub {
my ($clt, $srv) = @_;
@@ -56,7 +56,7 @@ negotiate($cconf, $sconf, sub {
## invalid password
{
# hey callback could just be a subref that returns a localvar
- local $sconf->{sasl}{callback}{pass} = "x";
+ local $sconf->{sasl}{callback}{getsecret} = "x";
negotiate($cconf, $sconf, sub {
my ($clt, $srv) = @_;
@@ -18,9 +18,7 @@ my $authname;
my $sasl = Authen::SASL->new(
mechanism => 'DIGEST-MD5',
callback => {
- user => 'gbarr',
- pass => 'fred',
- authname => sub { $authname },
+ getsecret => 'fred',
},
);
ok($sasl,'new');
@@ -21,7 +21,7 @@ my %creds = (
my %params = (
mechanism => 'PLAIN',
callback => {
- pass => sub {
+ getsecret => sub {
my $self = shift;
my ($username, $authzid) = @_;
return unless $username;
